[keycloak-user] Unable to Store and Retrieve Group-Role relationship in LDAP

abhishek raghav abhi.raghav007 at gmail.com
Fri Mar 10 06:15:11 EST 2017


Thanks Marek.

Is it possible to write a *custom LDAP mapper* and deploy it in Keycloak for
this scenario?
We are using *MSAD* as our LDAP provider.

If yes, do you have any example implementation for the same?
I also found that there is a User Federation Mapper SPI:
https://keycloak.gitbooks.io/server-developer-guide/content/v/2.2/topics/user-federation-mapper.html
*- Best Regards*
   Abhishek Raghav
On Fri, Mar 10, 2017 at 4:32 PM, Marek Posolda <mposolda at redhat.com> wrote:

> Yes, you're right. This is not available ATM. What is available is the
> support for Keycloak group inheritance to be mapped for LDAP groups. But
> mapping for:
> - Groups-roles membership mappings
> - Roles to composite roles membership mappings
> is not available now.
>
> Feel free to create JIRA. But not sure if we ever go into it...
>
> Marek
>
>
> On 10/03/17 11:31, abhishek raghav wrote:
>
>> Hi
>>
>> I have a set of *Realm Roles* that is mapped to a certain *OU=Roles* in
>> an *MSAD*. Similar is the case for a set of *Groups*.
>>
>> But when I *assign a certain role to a group, the assignment is visible
>> in Keycloak, but the same is not reflected in the AD.*
>> I mean, this mapping of role and group is *not stored in the "member" or
>> "memberOf" attributes of either the respective group or the role*.
>>
>> Please suggest whether this functionality is available using any mapper
>> from Keycloak to AD. Or do we need to create our own custom mapper? If
>> yes, how?
>>
>>
>> *- Best Regards*
>>     Abhishek Raghav
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
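As an added example (not code from this thread, from Keycloak, or from any
existing mapper), the following Python script shows the directory writes
such a custom mapper would have to perform so that a Keycloak group-to-role
assignment becomes visible in AD. It assumes a model the thread does not
fix: roles and groups are both AD group objects, roles under OU=Roles and
groups under OU=Groups (constructed DNs), and "group G holds role R" is
stored by nesting G inside R, i.e. adding G's DN to R's multi-valued
`member` attribute. Only `member` is written: AD maintains `memberOf` as a
back-link attribute, so a mapper that tries to write `memberOf` directly
would fail. The planner computes the add/delete modifications from the full
set of Keycloak assignments, leaves users listed directly in a role entry
untouched, removes stale nestings, and is idempotent; `apply_changes` stands
in for the LDAP modify calls the real mapper would issue from the SPI hooks.

```python
"""Added example, not Keycloak code: compute the AD 'member' updates that
reflect Keycloak group -> role assignments.  All DNs are constructed."""
from typing import Dict, List, Set, Tuple

# Constructed base DNs (assumption for this example); adjust to the directory.
ROLES_OU = "OU=Roles,DC=example,DC=com"
GROUPS_OU = "OU=Groups,DC=example,DC=com"


def role_dn(name: str) -> str:
    return f"CN={name},{ROLES_OU}"


def group_dn(name: str) -> str:
    return f"CN={name},{GROUPS_OU}"


def is_group_dn(dn: str) -> bool:
    """True for DNs the mapper manages (group entries under OU=Groups)."""
    return dn.lower().endswith("," + GROUPS_OU.lower())


# One LDAP modification: (entry DN, "add" | "delete", attribute, values)
Modification = Tuple[str, str, str, Tuple[str, ...]]


def plan_member_changes(kc_group_roles: Dict[str, Set[str]],
                        ad_member: Dict[str, Set[str]]) -> List[Modification]:
    """Return the 'member' modifications that make AD match Keycloak.

    kc_group_roles: every Keycloak group -> realm roles assigned to it
                    (a role listed for no group has no group assignments).
    ad_member:      role entry DN -> current values of its 'member' attribute.
    Only values under OU=Groups are managed; users that are direct members
    of a role entry are left alone.  'memberOf' is never written: AD derives
    it from 'member'.
    """
    desired: Dict[str, Set[str]] = {}
    for group, roles in kc_group_roles.items():
        for role in roles:
            desired.setdefault(role_dn(role), set()).add(group_dn(group))

    changes: List[Modification] = []
    for dn in sorted(set(desired) | set(ad_member)):
        want = desired.get(dn, set())
        have = {m for m in ad_member.get(dn, set()) if is_group_dn(m)}
        to_add = tuple(sorted(want - have))
        to_del = tuple(sorted(have - want))
        if to_add:
            changes.append((dn, "add", "member", to_add))
        if to_del:
            changes.append((dn, "delete", "member", to_del))
    return changes


def apply_changes(ad_member: Dict[str, Set[str]],
                  changes: List[Modification]) -> Dict[str, Set[str]]:
    """Simulate the LDAP modify operations against a copy of the state."""
    state = {dn: set(vals) for dn, vals in ad_member.items()}
    for dn, op, attr, values in changes:
        assert attr == "member", "only 'member' is writable in this model"
        entry = state.setdefault(dn, set())
        if op == "add":
            entry.update(values)
        else:
            entry.difference_update(values)
    return state


def derive_member_of(ad_member: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """What AD's back-link 'memberOf' looks like once 'member' is written."""
    member_of: Dict[str, Set[str]] = {}
    for dn, members in ad_member.items():
        for m in members:
            member_of.setdefault(m, set()).add(dn)
    return member_of


# Constructed sample state: Keycloak assignments and the current AD entries.
KC_GROUP_ROLES = {"developers": {"app-reader", "app-writer"},
                  "auditors": {"app-reader"}}
AD_MEMBER = {
    role_dn("app-reader"): {group_dn("auditors"),
                            "CN=alice,OU=Users,DC=example,DC=com"},
    role_dn("app-writer"): set(),
    role_dn("app-admin"): {group_dn("developers")},  # stale in AD, not in Keycloak
}

if __name__ == "__main__":
    for change in plan_member_changes(KC_GROUP_ROLES, AD_MEMBER):
        print(change)
```

Running the script prints one delete (the stale developers nesting under
app-admin) and two adds (developers under app-reader and app-writer); alice's
direct membership in app-reader is preserved, and a second planning pass on
the updated state yields no changes.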